NTFS permissions

Tim Howarth tim at worthy.demon.co.uk
Mon Apr 23 04:40:33 EDT 2001


In message <3AE360DA.5030806 at ActiveState.com>
          Mark Hammond <MarkH at ActiveState.com> wrote:

> Tim Howarth wrote:

> > results in an error message "the data area passed to a system call is
> > too small" but the permissions are copied.

> sigh*.  This is a trivial bug in win32security.  The C++ code is
> missing a simple "!" :(.

Ahhhh !

When trying something new like this you always tend to think it's your
own fault !


My problem with directories not accepting security descriptors was
not quite correct.

When using;

acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidUser)

sd.SetSecurityDescriptorDacl(1, acl, 0)

win32security.SetFileSecurity('g:\\TestACL\\pot',win32security.
DACL_SECURITY_INFORMATION,sd)



The access is set for the directory but doesn't appear in the
Explorer permissions viewer (Win 2000) because AFAICT the permissions
will not be inherited by subdirectories or files (with these switched on
the access 'ticks' appear).

So next problem how do I turn them on programmatically ?


I'm assuming I need to access the ACE headers and set bits for

OBJECT_INHERIT_ACE
CONTAINER_INHERIT_ACE

If so, can I do this with the current win32/Python ?

acl.AddAccessAllowedAce seems to have no reference to headers, does
win32security just use a default header?

Or have I completely misunderstood.

(I can't believe that ther are thousands of Python users and no one is
doing this kind of NT admin.)

> As a workaround, simply ignore the exception.  All future builds will
> have this fixed.

Thanks.

-- 
___
 |im    ---- ARM Powered ----



More information about the Python-list mailing list